Trust² - Information rights management with eID
Kris De Sloovere, Project Manager Trust² - RMS consultant, Certipost, www.certipost.be

About Trust²
• Joint initiative of Microsoft and Certipost
• Trustworthy information exchange for any user of any Windows-based application seeking to protect the privacy of information

Agenda
• Information rights management
• Trust² for Office demo
• Trust² architecture
• Software integration tools
• Code example
• How to start
• Summary
Today's Information Protection (diagram: a file guarded only by an access control list; people either get access, "Yes", or are denied, "No", but nothing controls what an allowed user does with the file afterwards)

The solution: Information Rights Management (diagram: access control and user management still decide who may open the file, and Information Rights Management attaches usage rules that travel with the file, such as "Do not forward" and "Do not copy")
Information Rights Management + eID authentication =
Trust² for MS Office at work: trustworthy information exchange for Office documents, web content and Outlook e-mails
Windows RMS Workflow (diagram: Information Author, RMS Server backed by Active Directory and SQL Server, The Recipient)
1. The author receives a client licensor certificate the first time they rights-protect information.
2. The author defines a set of usage rights and rules for their file; the application creates a "publishing license" and encrypts the file.
3. The author distributes the file.
4. The recipient clicks the file to open it; the application calls the RMS server, which validates the user and issues a "use license".
5. The application renders the file and enforces the rights.

RMS certificates
• Account certificate: contains the user's identity
• Client licensor certificate: enables offline creation of protected documents
• Publishing license: expresses the rights
• Use license: the permit to open a document
RMS certificates (diagram: the Information Author holds an account certificate and a client licensor certificate and issues the publishing license; the Recipient holds an account certificate and receives a use license)

Windows RMS Usage Scenarios: keep internal information internal
Protect Sensitive Files
• Control access to sensitive plans
• Set level of access: view, change, print, etc.
• Determine length of access
Do-Not-Forward Email
• Keep executive e-mail off the Internet
• Reduce internal forwarding of confidential information
• Templates to centrally manage policies
Safeguard Intranet Content
• Safeguard financial, legal, HR content
• Set level of access: view, print, export
• View Office 2003 rights-protected information

RMS rights extensions
• Protect your application's content
• Basic rights: can read, can modify, is owner, can print, can copy/paste, …
• Custom rights, e.g. can rotate drawing, can play audio, …
• Rights are expressed in XrML
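The workflow slide above describes a publishing license that names who may do what with a file, and a use license that the server issues only after validating the recipient; the rights extensions slide describes those rights as a set of basic and custom permissions. The following is an added example that models that exchange in plain C; it is not Trust² or Microsoft code. Real RMS licenses are XrML documents that the RMS client signs and encrypts, so the struct layout, right names, e-mail identities and expiry value here are constructed for illustration only.

```c
/* Added illustration of the RMS publishing-license / use-license exchange.
 * Not Trust2 or Microsoft code: real licenses are signed XrML, and the
 * identities, right names and expiry value below are constructed. */
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Basic rights from the "RMS rights extensions" slide, plus one custom right. */
#define RIGHT_VIEW          0x01
#define RIGHT_EDIT          0x02
#define RIGHT_PRINT         0x04
#define RIGHT_COPY          0x08
#define RIGHT_FORWARD       0x10
#define RIGHT_OWNER         0x20
#define RIGHT_CUSTOM_ROTATE 0x40  /* application-defined, e.g. "can rotate drawing" */

#define MAX_GRANTS 8

/* One entry of the publishing license: a principal, its rights, and an expiry. */
struct grant {
    const char *user;      /* identity carried by the recipient's account certificate */
    unsigned    rights;    /* bitmask of RIGHT_* */
    time_t      not_after; /* 0 = no time limit ("determine length of access") */
};

struct publishing_license {
    const char  *author;
    struct grant grants[MAX_GRANTS];
    int          n_grants;
};

/* Server-side decision: the rights a use license would carry for this
 * recipient at time `now`, or 0 when no use license is issued. */
unsigned issue_use_license(const struct publishing_license *pl,
                           const char *user, time_t now)
{
    int i;
    /* The author keeps full control of their own content. */
    if (strcmp(pl->author, user) == 0)
        return RIGHT_OWNER | RIGHT_VIEW | RIGHT_EDIT | RIGHT_PRINT
             | RIGHT_COPY | RIGHT_FORWARD;
    for (i = 0; i < pl->n_grants; i++) {
        const struct grant *g = &pl->grants[i];
        if (strcmp(g->user, user) != 0)
            continue;
        if (g->not_after != 0 && now > g->not_after)
            return 0;          /* grant expired: no use license */
        return g->rights;
    }
    return 0;                  /* authenticated but not named in the license */
}

/* Application-side enforcement: is every bit of `action` present in the use license? */
int right_allowed(unsigned use_license, unsigned action)
{
    return (use_license & action) == action;
}

/* Constructed sample license: one open-ended grant and one time-limited grant. */
struct publishing_license sample_license(void)
{
    struct publishing_license pl;
    memset(&pl, 0, sizeof pl);
    pl.author = "author@example.com";
    pl.grants[0].user      = "alice@example.com";
    pl.grants[0].rights    = RIGHT_VIEW | RIGHT_PRINT;
    pl.grants[0].not_after = 0;
    pl.grants[1].user      = "bob@example.com";
    pl.grants[1].rights    = RIGHT_VIEW;
    pl.grants[1].not_after = 1000;   /* constructed epoch value for the example */
    pl.n_grants = 2;
    return pl;
}

int main(void)
{
    struct publishing_license pl = sample_license();
    unsigned ul = issue_use_license(&pl, "alice@example.com", 500);
    printf("alice: print %s, forward %s\n",
           right_allowed(ul, RIGHT_PRINT)   ? "allowed" : "denied",
           right_allowed(ul, RIGHT_FORWARD) ? "allowed" : "denied");
    printf("bob after expiry: use license %s\n",
           issue_use_license(&pl, "bob@example.com", 2000) ? "issued" : "refused");
    return 0;
}
```

The point the model makes explicit is that the "Do not forward" rule on the earlier slide is not an access-control decision at open time but a bit the application must check on every action; an identity that authenticates successfully yet is not named in the publishing license, or whose grant has expired, simply receives no use license at all.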
Trust² architecture
• Trust² server
  • Windows RMS server
  • Trust² eID authentication layer (OCSP)
  • Trust² online user registration
  • Trust² user registration XML web service
• Client
  • Windows RMS client
  • Trust² enabled software: MS Office 2003 Professional, MS IE Rights Management Add-on

Trust² architecture (diagram: on the server side, the Trust² RMS XML web service, Trust² user registration and the Trust² user registration XML web service, with your application calling them; on the client side, the RMS client used by MS Office, the IE add-on and your application)

Software integration tools
• Information rights management:
  • RMS Client SDK: Windows 2000 Service Pack 3, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP
  • RMS Server SDK: Windows Server 2003
  • RMS Security Guidelines.doc
• Trust² user registration: Trust² registration web service

Demo RMS client SDK (same architecture diagram: Trust² RMS XML web service and user registration on the server side; RMS client, MS Office, IE add-on and your application on the client side)
Demo RMS client SDK
• The user is Trust² registered
• RMS user activation: obtain a "user account certificate"
  • The basic RMS user certificate
  • Necessary to obtain a publishing license and a use license

Demo RMS client SDK (code)

```c
// Create a client session for the user (group identity) to be activated.
// wszUserId holds the user's e-mail address, the identity registered at the Trust² server.
DRMHSESSION hClient = NULL;
HANDLE      hEvent  = CreateEvent(NULL, FALSE, FALSE, NULL); // signalled from OnStatus when activation completes
hr = DRMCreateClientSession(
        &OnStatus,                           // DRMCALLBACK status callback
        0,                                   // callback version
        DRM_DEFAULTGROUPIDTYPE_WINDOWSAUTH,  // group identity provider type
        wszUserId,                           // user id (e-mail address)
        &hClient);
……
// If bMachine is true do machine activation, else do group identity activation.
// pSvr points to the activation server info obtained earlier; hr is the result of that lookup,
// so on failure NULL is passed and the client falls back to the default server.
hr = DRMActivate(
        hClient,
        (bMachine ? DRM_ACTIVATE_MACHINE : DRM_ACTIVATE_GROUPIDENTITY) | DRM_ACTIVATE_SILENT,
        0,                                   // language id
        E_FAIL == hr ? NULL : pSvr,          // activation server info, NULL = default
        &hEvent,                             // context handed to OnStatus
        NULL);                               // no parent window (silent activation)
```

Callouts on the slide: the e-mail address is the user id, the Trust² server performs the activation, and the eID pop-up appears automatically.
Trust² user authentication
• eID as the primary token
• Other X.509 tokens supported
• Custom synchronisation of identity management systems through the Trust² user registration web service

How to start
• Request your test development account from Trust²
• Two free test accounts with send/recipient rights, valid for 6 months
• Developer support line, ticketing based
• Seminars and training courses
Simply mail ISV@TRUST2.COM or visit www.trust2.com

Conclusion: key message
• eID is a powerful e-authentication and e-signing infrastructure
• Trust² enables applications and web sites to rely upon this infrastructure and on Information Rights Management
• Trust² is a unique aggregation of all the security and trust components needed to build digital workflows
• Trust² Development Kit available
• Office 2003 today, your application tomorrow?

More information:
Trust²: www.trust2.com
RMS client and SDKs: www.microsoft.com/rms